SlideShare a Scribd company logo

Protection of personal data in a business context

Clement Levallois
Clement Levallois

Slides of the course on big data by Clement Levallois from EMLYON Business School. For business students. Check the online video connected with these slides. -> Basic concepts relating to the protection of personal data in the EU and in China, USA, India and Russia: what are the legal frameworks and what is expected from businesses.

Business
1 of 26
Download to read offline
MK99 – Big Data 1 Big data & cross-platform analytics MOOC lectures Pr. Clement Levallois
MK99 – Big Data 2 Protection of Personal Data in a Business Context
MK99 – Big Data 3 Preliminary distinctions to be made (1) Recognized as a creation of the mind? This piece of data in my organization (2) Recognized as personal data Neither (1) nor (2) Intellectual property rights apply Personal data protection applies Open data is possible TOPIC FOR TODAY (3) In all cases: concern for cyber security applies
MK99 – Big Data 4 What is “the data” we talk about? •Information to be processed automatically –Hint: data on computers, not unstructured written notes •Or intended to be processed automatically –Hint: paper records to be fed in a computer, not any pile of paper •Or structured information that can be used to facilitate the retrieval of specific information on specific individuals –Hint: paper records, filing systems
MK99 – Big Data 5 What can go wrong? •Users can be stripped of their right to privacy •Companies big and small can be prosecuted –February 2014: Google condemned to 150,000 euros fine by CNIL and to 900,000 euros fine by the Spanish Data Protection Authority –https://gigaom.com/2014/02/07/google-must-post-news-of-privacy-fine-after-french-court-refuses-to- suspend-order/ –15 July 2014: The owner of a marketing company trading as Vintels has been prosecuted for failing to notify the ICO of changes to his notification at Willesden Magistrates Court today. Jayesh Shah was fined £4000, ordered to pay costs of £2703 and a £400 victim surcharge. –http://ico.org.uk/enforcement/prosecutions (but the amounts are not powerful deterrents?)
MK99 – Big Data 6 EU: the most restrictive legal framework •Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data •To guarantee and facilitate the free movement of personal data across EU States. •No right to export personal to a non EU-country with a lower level of personal data protection.
MK99 – Big Data 7 Who is in charge of data protection? •EU Directive of 1995 distinguishes between –Data controller •The one in charge of setting up the data protection policy. •Ex: in the UK, the DC is in charge of declaring the personal data being processed to the ICO register. •See for instance: http://ico.org.uk/ESDWebPages/DoSearch?reg=498470 –Data processor •The one in charge of implementing the policy
MK99 – Big Data 8 What is personal data •Personal data relates to a living individual who can be identified: •(a) from those data, or •(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, •and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
MK99 – Big Data 9 What is personal data •France – National Commission on Informatics and Liberties (CNIL) –Data which relates directly or indirectly to an individual who is or can be identified from this data –To know if a person can be identified from the data, one should consider all means available to the agents holding the data, or to anyone else. –Datasets must be declared to the CNIL, by law.
MK99 – Big Data 10 U.S.A. •Framework on data protection for data collected / held by the Federal government •But no general framework on data protection outside the Fed. gov •Safe Harbor Act –Managed by the Federal Trade Commission –Reason: EU orgs can’t transfer EU data to the US because US is less protective than the EU –US companies joining the SH Act voluntarily comply to the spirit of the EU directive
MK99 – Big Data 11 India •IT Act of 2000 + IT Rules 2011 •Focus on sensitive personal information –Passwords –Financial information –Health condition –Sexual orientation –Biometric information •No need to declare data processing activities to an authority
MK99 – Big Data 12 China •Not enacted a single piece of legislation for the protection of data –Except for general laws: National People’s Congress Standing Committee Decision concerning Strengthening Network Information Protection (http://tinyurl.com/npcdecision) •Rather, sector based pieces of legislation –Such as: Regulation on Personal Information Protection of Telecom and Internet Users (MIIT Regulation) (http://tinyurl.com/miitdecision)
MK99 – Big Data 13 Brazil •Data privacy regulations –Made of the Brazilian constitution, the civil code, the Brazilian consumer protection and defense code •Notion of “Habeas data”, in reference to the Habeas Corpus. –The right for individual to access and edit their personal information in public and consumer databases, even after their consent has been granted •No privacy regulation authority
MK99 – Big Data 14 Russia •Sensitive data (relating to race, politics, etc.) requires consent in written form before processing •A processor of personal data must notify the Federal Service for Supervision of Communications, Information Technologies and Mass Media (Roskomnadzor) before it begins to process personal data •No specific regulations on cookies
MK99 – Big Data 15 Basic principles 1.Consent: users must give their approval on sharing their data 2.Adequacy: data is collected for the purposes stated, not more, not for a longer duration 3.Transparency: under the control of the user (view / edit / delete) 4.Safety: reasonable procedures should be in place to insure points 1 to 3 are applied, and to make sure the data is secure.
MK99 – Big Data 16 Consent •Prior consent is required before collecting personal data in view of processing it –Data collection policy should be made clearly available to users –Opt out should be possible –Consent should be presented clearly (as in the new EU regulation) •Some exemptions: cookies used to deliver the core service delivered to the user (session cookies, purchase basket cookies…) •Bear in mind that cookies are just one kind of many tracers to identify users
MK99 – Big Data 17 Adequacy •Websites, mobile apps and social media logins should ask for permissions exactly necessary to run the service, not more •Time out: information should be deleted when service stops –in France, there is a 13 month limit after which consent must be renewed
MK99 – Big Data 18 Transparency •Information should be available on request –In 2011, an Austrian student requested all his Facebook data. He got 1,200 pages of it. –As of 2014, you can download all your FB data in one click. •Users should be able to edit, update, delete their information -> See European ruling on “Right to be forgotten”
MK99 – Big Data 19 Safety •All reasonable precautions should be taken against data breaches. •Precautions taken should be scaled to the damage which would result from a breach in security •Basics: define and manage access rights to each relevant aspects of the data. •Users should be told about security breaches potentially affecting their data
MK99 – Big Data 20 Where big data changes the deal •One dataset in itself does not always reveal personal information. However: several datasets combined, + use of data mining techniques, + knowledge of the domain, + hacker approach (clever guesses etc.) = identification often possible Big data
MK99 – Big Data 21 Harvard Researchers Accused of Breaching Students' Privacy •1.2 million Facebook accounts from 4 different Universities collected by a Harvard research team •Little info on each account (age, gender…), all anonymized •But… tracing who befriends whom + demographics info can de-anonymize the dataset Source: http://chronicle.com/article/Harvards-Privacy-Meltdown/128166/ “One issue, Mr. Zimmer says, is that someone might be able to figure out individual students' identities. People with unique characteristics could be discovered on the basis of what the Harvard group published about them. (For example, the original code book lists just three students from Utah.) “He's right about how easy it is to identify people who are presumably part of the data set. By searching a Facebook group of Harvard's Class of 2009, a Chronicle reporter quickly tracked down one of those three Utah students. Her name is Sarah M. Ashburn. The 24-year-old is in Haiti working for a foundation that helps AIDS victims.”
MK99 – Big Data 22 London’s bike-share program unwittingly revealed its cyclists’ movements for the world to see “Those are journeys made between 4am and 10am [by a single bike-share user]. They head in one direction: towards King’s Cross (in fact, to the only cycle docking station near the Guardian’s headquarters). And they come from two places, suggesting this person spends the night at a location that is not home.” Source: http://qz.com/199209/londons-bike-share-program-unwittingly-revealed-its-cyclists-movements-for-the-world-to-see/
MK99 – Big Data 23 Riding with the Stars: Passenger Privacy in the NYC Taxicab Dataset Source: http://research.neustar.biz/2014/09/15/riding-with-the-stars-passenger-privacy-in-the-nyc- taxicab-dataset/ Bradley Cooper Jessica Alba “In Brad Cooper’s case, we now know that his cab took him to Greenwich Village, possibly to have dinner at Melibea, and that he paid $10.50, with no recorded tip.”
MK99 – Big Data 24 Best practices for data protection in a big data world •Basic rule: this is not because users granted access to different pieces of data that they granted rights to access / dissemination to all the personal information that can be reconstructed from it. •Beware access rights to geolocalized, network, timestamped and textual data –All are very informative even when anonymized, especially when crossed together. •Beware the long tail –While very common profiles (“average joe”) might be hard to identify in a dataset, odd profiles stand out easily and might be put at risk of being de- anonymized.
MK99 – Big Data 25 Last note: data protection in a post-Snowden world •Assumption: your national state and surely others have access to the servers and communications of organizations. •If not, states can issue legal injunctions to organizations to deliver private information. •This means that data protection for individuals, by companies, has limits: it is not free from state surveillance. •Except… for companies that put personal data protection at the heart of their business model? Snowden cites https://spideroak.com/ as an example. July 2014: Snowden on data privacy, technology, cloud companies and more.
MK99 – Big Data 26 This slide presentation is part of a course offered by EMLYON Business School (www.em-lyon.com) Contact Clement Levallois (levallois [at] em-lyon.com) for more information.

Recommended

Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowEamonnORagh
 
Processing of Personal Data. What’s new?
Processing of Personal Data. What’s new?Processing of Personal Data. What’s new?
Processing of Personal Data. What’s new?Awara Direct Search
 
Big Data in Human Resources
Big Data in Human ResourcesBig Data in Human Resources
Big Data in Human ResourcesMatthias Vallaey
 
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...MongoDB
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection PresentationIBM Business Insight
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacylegalPadmin
 

Recommended

Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowEamonnORagh
 
Processing of Personal Data. What’s new?
Processing of Personal Data. What’s new?Processing of Personal Data. What’s new?
Processing of Personal Data. What’s new?Awara Direct Search
 
Big Data in Human Resources
Big Data in Human ResourcesBig Data in Human Resources
Big Data in Human ResourcesMatthias Vallaey
 
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...MongoDB
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection PresentationIBM Business Insight
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacylegalPadmin
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Big Data Analytics
Big Data AnalyticsBig Data Analytics
Big Data AnalyticsGlobal Business Solutions SME
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 
13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection 13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection Worksighted
 
HR / Talent Analytics
HR / Talent AnalyticsHR / Talent Analytics
HR / Talent AnalyticsAkshay Raje
 
Part 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accountsPart 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accountsClement Levallois
 
Education et intelligence artificielle
Education et intelligence artificielleEducation et intelligence artificielle
Education et intelligence artificielleClement Levallois
 
3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications business3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications businessClement Levallois
 
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?Clement Levallois
 
Presentation of programming languages for beginners
Presentation of programming languages for beginnersPresentation of programming languages for beginners
Presentation of programming languages for beginnersClement Levallois
 
Umigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroomUmigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroomClement Levallois
 
Data visualization: enjeux pour le business
Data visualization: enjeux pour le businessData visualization: enjeux pour le business
Data visualization: enjeux pour le businessClement Levallois
 
Twitter for beginners
Twitter for beginnersTwitter for beginners
Twitter for beginnersClement Levallois
 
An explanation of machine learning for business
An explanation of machine learning for businessAn explanation of machine learning for business
An explanation of machine learning for businessClement Levallois
 
Data and personalization
Data and personalizationData and personalization
Data and personalizationClement Levallois
 
A Primer on Text Mining for Business
A Primer on Text Mining for BusinessA Primer on Text Mining for Business
A Primer on Text Mining for BusinessClement Levallois
 
The business stakes of data integration
The business stakes of data integrationThe business stakes of data integration
The business stakes of data integrationClement Levallois
 
What is big data?
What is big data?What is big data?
What is big data?Clement Levallois
 
What is "data"?
What is "data"?What is "data"?
What is "data"?Clement Levallois
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 

More Related Content

Viewers also liked

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 
13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection 13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection Worksighted
 
HR / Talent Analytics
HR / Talent AnalyticsHR / Talent Analytics
HR / Talent AnalyticsAkshay Raje
 

Viewers also liked (6)

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Big Data Analytics
Big Data AnalyticsBig Data Analytics
Big Data Analytics
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 
13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection 13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection
 
HR / Talent Analytics
HR / Talent AnalyticsHR / Talent Analytics
HR / Talent Analytics
 

More from Clement Levallois

Part 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accountsPart 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accountsClement Levallois
 
Education et intelligence artificielle
Education et intelligence artificielleEducation et intelligence artificielle
Education et intelligence artificielleClement Levallois
 
3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications business3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications businessClement Levallois
 
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?Clement Levallois
 
Presentation of programming languages for beginners
Presentation of programming languages for beginnersPresentation of programming languages for beginners
Presentation of programming languages for beginnersClement Levallois
 
Umigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroomUmigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroomClement Levallois
 
Data visualization: enjeux pour le business
Data visualization: enjeux pour le businessData visualization: enjeux pour le business
Data visualization: enjeux pour le businessClement Levallois
 
An explanation of machine learning for business
An explanation of machine learning for businessAn explanation of machine learning for business
An explanation of machine learning for businessClement Levallois
 
A Primer on Text Mining for Business
A Primer on Text Mining for BusinessA Primer on Text Mining for Business
A Primer on Text Mining for BusinessClement Levallois
 
The business stakes of data integration
The business stakes of data integrationThe business stakes of data integration
The business stakes of data integrationClement Levallois
 

More from Clement Levallois (14)

Part 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accountsPart 2: covid-19 on Twitter, with a focus on 3 new seed accounts
Part 2: covid-19 on Twitter, with a focus on 3 new seed accounts
 
Education et intelligence artificielle
Education et intelligence artificielleEducation et intelligence artificielle
Education et intelligence artificielle
 
3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications business3 familles d'intelligence artificielle et leurs applications business
3 familles d'intelligence artificielle et leurs applications business
 
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
Présentation FrenchWeb: Qu'est-ce que la visualisation des données?
 
Presentation of programming languages for beginners
Presentation of programming languages for beginnersPresentation of programming languages for beginners
Presentation of programming languages for beginners
 
Umigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroomUmigon: crowdsourcing in the classroom
Umigon: crowdsourcing in the classroom
 
Data visualization: enjeux pour le business
Data visualization: enjeux pour le businessData visualization: enjeux pour le business
Data visualization: enjeux pour le business
 
Twitter for beginners
Twitter for beginnersTwitter for beginners
Twitter for beginners
 
An explanation of machine learning for business
An explanation of machine learning for businessAn explanation of machine learning for business
An explanation of machine learning for business
 
Data and personalization
Data and personalizationData and personalization
Data and personalization
 
A Primer on Text Mining for Business
A Primer on Text Mining for BusinessA Primer on Text Mining for Business
A Primer on Text Mining for Business
 
The business stakes of data integration
The business stakes of data integrationThe business stakes of data integration
The business stakes of data integration
 
What is big data?
What is big data?What is big data?
What is big data?
 
What is "data"?
What is "data"?What is "data"?
What is "data"?
 

Recently uploaded

Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 

Recently uploaded (20)

Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 

Protection of personal data in a business context

  • 1. MK99 – Big Data 1 Big data & cross-platform analytics MOOC lectures Pr. Clement Levallois
  • 2. MK99 – Big Data 2 Protection of Personal Data in a Business Context
  • 3. MK99 – Big Data 3 Preliminary distinctions to be made (1) Recognized as a creation of the mind? This piece of data in my organization (2) Recognized as personal data Neither (1) nor (2) Intellectual property rights apply Personal data protection applies Open data is possible TOPIC FOR TODAY (3) In all cases: concern for cyber security applies
  • 4. MK99 – Big Data 4 What is “the data” we talk about? •Information to be processed automatically –Hint: data on computers, not unstructured written notes •Or intended to be processed automatically –Hint: paper records to be fed in a computer, not any pile of paper •Or structured information that can be used to facilitate the retrieval of specific information on specific individuals –Hint: paper records, filing systems
  • 5. MK99 – Big Data 5 What can go wrong? •Users can be stripped of their right to privacy •Companies big and small can be prosecuted –February 2014: Google condemned to 150,000 euros fine by CNIL and to 900,000 euros fine by the Spanish Data Protection Authority –https://gigaom.com/2014/02/07/google-must-post-news-of-privacy-fine-after-french-court-refuses-to- suspend-order/ –15 July 2014: The owner of a marketing company trading as Vintels has been prosecuted for failing to notify the ICO of changes to his notification at Willesden Magistrates Court today. Jayesh Shah was fined £4000, ordered to pay costs of £2703 and a £400 victim surcharge. –http://ico.org.uk/enforcement/prosecutions (but the amounts are not powerful deterrents?)
  • 6. MK99 – Big Data 6 EU: the most restrictive legal framework •Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data •To guarantee and facilitate the free movement of personal data across EU States. •No right to export personal to a non EU-country with a lower level of personal data protection.
  • 7. MK99 – Big Data 7 Who is in charge of data protection? •EU Directive of 1995 distinguishes between –Data controller •The one in charge of setting up the data protection policy. •Ex: in the UK, the DC is in charge of declaring the personal data being processed to the ICO register. •See for instance: http://ico.org.uk/ESDWebPages/DoSearch?reg=498470 –Data processor •The one in charge of implementing the policy
  • 8. MK99 – Big Data 8 What is personal data •Personal data relates to a living individual who can be identified: •(a) from those data, or •(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, •and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
  • 9. MK99 – Big Data 9 What is personal data •France – National Commission on Informatics and Liberties (CNIL) –Data which relates directly or indirectly to an individual who is or can be identified from this data –To know if a person can be identified from the data, one should consider all means available to the agents holding the data, or to anyone else. –Datasets must be declared to the CNIL, by law.
  • 10. MK99 – Big Data 10 U.S.A. •Framework on data protection for data collected / held by the Federal government •But no general framework on data protection outside the Fed. gov •Safe Harbor Act –Managed by the Federal Trade Commission –Reason: EU orgs can’t transfer EU data to the US because US is less protective than the EU –US companies joining the SH Act voluntarily comply to the spirit of the EU directive
  • 11. MK99 – Big Data 11 India •IT Act of 2000 + IT Rules 2011 •Focus on sensitive personal information –Passwords –Financial information –Health condition –Sexual orientation –Biometric information •No need to declare data processing activities to an authority
  • 12. MK99 – Big Data 12 China •Not enacted a single piece of legislation for the protection of data –Except for general laws: National People’s Congress Standing Committee Decision concerning Strengthening Network Information Protection (http://tinyurl.com/npcdecision) •Rather, sector based pieces of legislation –Such as: Regulation on Personal Information Protection of Telecom and Internet Users (MIIT Regulation) (http://tinyurl.com/miitdecision)
  • 13. MK99 – Big Data 13 Brazil •Data privacy regulations –Made of the Brazilian constitution, the civil code, the Brazilian consumer protection and defense code •Notion of “Habeas data”, in reference to the Habeas Corpus. –The right for individual to access and edit their personal information in public and consumer databases, even after their consent has been granted •No privacy regulation authority
  • 14. MK99 – Big Data 14 Russia •Sensitive data (relating to race, politics, etc.) requires consent in written form before processing •A processor of personal data must notify the Federal Service for Supervision of Communications, Information Technologies and Mass Media (Roskomnadzor) before it begins to process personal data •No specific regulations on cookies
  • 15. MK99 – Big Data 15 Basic principles 1.Consent: users must give their approval on sharing their data 2.Adequacy: data is collected for the purposes stated, not more, not for a longer duration 3.Transparency: under the control of the user (view / edit / delete) 4.Safety: reasonable procedures should be in place to insure points 1 to 3 are applied, and to make sure the data is secure.
  • 16. MK99 – Big Data 16 Consent •Prior consent is required before collecting personal data in view of processing it –Data collection policy should be made clearly available to users –Opt out should be possible –Consent should be presented clearly (as in the new EU regulation) •Some exemptions: cookies used to deliver the core service delivered to the user (session cookies, purchase basket cookies…) •Bear in mind that cookies are just one kind of many tracers to identify users
  • 17. MK99 – Big Data 17 Adequacy •Websites, mobile apps and social media logins should ask for permissions exactly necessary to run the service, not more •Time out: information should be deleted when service stops –in France, there is a 13 month limit after which consent must be renewed
  • 18. MK99 – Big Data 18 Transparency •Information should be available on request –In 2011, an Austrian student requested all his Facebook data. He got 1,200 pages of it. –As of 2014, you can download all your FB data in one click. •Users should be able to edit, update, delete their information -> See European ruling on “Right to be forgotten”
  • 19. MK99 – Big Data 19 Safety •All reasonable precautions should be taken against data breaches. •Precautions taken should be scaled to the damage which would result from a breach in security •Basics: define and manage access rights to each relevant aspects of the data. •Users should be told about security breaches potentially affecting their data
  • 20. MK99 – Big Data 20 Where big data changes the deal •One dataset in itself does not always reveal personal information. However: several datasets combined, + use of data mining techniques, + knowledge of the domain, + hacker approach (clever guesses etc.) = identification often possible Big data
  • 21. MK99 – Big Data 21 Harvard Researchers Accused of Breaching Students' Privacy •1.2 million Facebook accounts from 4 different Universities collected by a Harvard research team •Little info on each account (age, gender…), all anonymized •But… tracing who befriends whom + demographics info can de-anonymize the dataset Source: http://chronicle.com/article/Harvards-Privacy-Meltdown/128166/ “One issue, Mr. Zimmer says, is that someone might be able to figure out individual students' identities. People with unique characteristics could be discovered on the basis of what the Harvard group published about them. (For example, the original code book lists just three students from Utah.) “He's right about how easy it is to identify people who are presumably part of the data set. By searching a Facebook group of Harvard's Class of 2009, a Chronicle reporter quickly tracked down one of those three Utah students. Her name is Sarah M. Ashburn. The 24-year-old is in Haiti working for a foundation that helps AIDS victims.”
  • 22. MK99 – Big Data 22 London’s bike-share program unwittingly revealed its cyclists’ movements for the world to see “Those are journeys made between 4am and 10am [by a single bike-share user]. They head in one direction: towards King’s Cross (in fact, to the only cycle docking station near the Guardian’s headquarters). And they come from two places, suggesting this person spends the night at a location that is not home.” Source: http://qz.com/199209/londons-bike-share-program-unwittingly-revealed-its-cyclists-movements-for-the-world-to-see/
  • 23. MK99 – Big Data 23 Riding with the Stars: Passenger Privacy in the NYC Taxicab Dataset Source: http://research.neustar.biz/2014/09/15/riding-with-the-stars-passenger-privacy-in-the-nyc- taxicab-dataset/ Bradley Cooper Jessica Alba “In Brad Cooper’s case, we now know that his cab took him to Greenwich Village, possibly to have dinner at Melibea, and that he paid $10.50, with no recorded tip.”
  • 24. MK99 – Big Data 24 Best practices for data protection in a big data world •Basic rule: this is not because users granted access to different pieces of data that they granted rights to access / dissemination to all the personal information that can be reconstructed from it. •Beware access rights to geolocalized, network, timestamped and textual data –All are very informative even when anonymized, especially when crossed together. •Beware the long tail –While very common profiles (“average joe”) might be hard to identify in a dataset, odd profiles stand out easily and might be put at risk of being de- anonymized.
  • 25. MK99 – Big Data 25 Last note: data protection in a post-Snowden world •Assumption: your national state and surely others have access to the servers and communications of organizations. •If not, states can issue legal injunctions to organizations to deliver private information. •This means that data protection for individuals, by companies, has limits: it is not free from state surveillance. •Except… for companies that put personal data protection at the heart of their business model? Snowden cites https://spideroak.com/ as an example. July 2014: Snowden on data privacy, technology, cloud companies and more.
  • 26. MK99 – Big Data 26 This slide presentation is part of a course offered by EMLYON Business School (www.em-lyon.com) Contact Clement Levallois (levallois [at] em-lyon.com) for more information.